I seem to be having a problem with the secure reverse proxy. I have a
“Synology Disk Station” that hosts Apache virtual servers with one being
an administration web panel, and the other “https://192.168.2.2/photo”
being a photo/blogging site.
I have googled around and looked at the NGINX forum and have found no
solution to this problem or as to what is causing it. When I first
launch nginx everything seems to work fine as expected, but after X
amount of time testing (clearing client cache and using other browsers)
I start intermittently getting “502 Bad Gateway” errors from Nginx. Both
Nginx and Synology use a self-signed certificate. I have done a
wireshark packet dump from Nginx and decrypted the packets via the
server’s private key, and the only thing I noticed was 302 Not modified
headers and the SSL Alerts with Key renegotiation.
My network setup can be described as bellow:
192.168.2.2 [Synology (Apache)] <-> 192.168.2.151 [Nginx] <-> External
[Client]
My router is setup to serve only HTTPS 443 connections from my LAN to
external.
Versions:
nginx version: nginx/0.7.65 on Ubuntu 10.04.1 LTS (lucid)
Server version: Apache/2.2.16 (Unix)
[Nginx Config]
server {
listen 443;
ssl on;
server_name home.fractalengine.com;
##LOG
access_log /var/log/nginx/localhost.access.log;
##SSL Params
ssl_certificate ssl/storage.in.crt;
ssl_certificate_key ssl/storage.key;
keepalive_timeout 60;
ssl_verify_client off;
ssl_session_cache off;
location / {
proxy_pass https://192.168.2.2;
proxy_next_upstream error timeout invalid_header
http_500 http_502 http_503;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_cache_use_stale error timeout invalid_header
updating http_500 http_502 http_503 http_504;
}
location /doc {
root /usr/share;
autoindex on;
allow 127.0.0.1;
deny all;
}
location /images {
root /usr/share;
autoindex on;
}
[NGINX ERROR Log]
2010/10/22 17:23:24 [error] 5206#0: *501 SSL_do_handshake() failed (SSL:
error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while
SSL handshaking to upstream, client: 69.xx.xxx.x, server:
home.myDomain.com, request: “GET /blog/modules/friend_link.js HTTP/1.1”,
upstream: “https://192.168.2.2:443/blog/modules/friend_link.js”, host:
“home.myDomain.com”, referrer:
“https://home.myDomain.com/blog/admin_index.php”
2010/10/22 17:23:24 [error] 5206#0: *506 SSL_do_handshake() failed (SSL:
error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while
SSL handshaking to upstream, client: 69.xx.xxx.x, server:
home.myDomain.com, request: “GET /blog/modules/label_cloud.js HTTP/1.1”,
upstream: “https://192.168.2.2:443/blog/modules/label_cloud.js”, host:
“home.myDomain.com”, referrer:
“https://home.myDomain.com/blog/admin_index.php”
2010/10/22 17:23:24 [error] 5206#0: *504 SSL_do_handshake() failed (SSL:
error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while
SSL handshaking to upstream, client: 69.xx.xxx.x, server:
home.myDomain.com, request: “GET /blog/modules/statistical_data.js
HTTP/1.1”, upstream:
“https://192.168.2.2:443/blog/modules/statistical_data.js”, host:
“home.myDomain.com”, referrer:
“https://home.myDomain.com/blog/admin_index.php”
2010/10/22 17:23:24 [error] 5206#0: *507 SSL_do_handshake() failed (SSL:
error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while
SSL handshaking to upstream, client: 69.xx.xxx.x, server:
home.myDomain.com, request: “GET /blog/modules/recent_article.js
HTTP/1.1”, upstream:
“https://192.168.2.2:443/blog/modules/recent_article.js”, host:
“home.myDomain.com”, referrer:
“https://home.myDomain.com/blog/admin_index.php”
Again the weird thing is it stops working after X amount of time
testing. I’m starting to think it has something to do with the
connection timeout from Nginx to Apache?? Or maybe something with the
Cache?
Any help would be greatly appreciated!
Thanks!
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,144108,144108#msg-144108